<?php
require_once('includes/config.php');
require_once('includes/functions/func.global.php');
require_once('includes/classes/class.template_engine.php');
require_once('includes/lang/lang_'.$config['lang'].'.php');

// Connect to database
db_connect($config);

// Start Session
session_start();

// Check if this is an availability check from signup page using ajax
if(isset($_GET['avail']))
{
	// Check if anyone has this username
	$availcheck = mysql_num_rows(mysql_query("SELECT 1 FROM `".$config['db']['pre']."users` WHERE username='".validate_input($_GET['avail'])."' LIMIT 1"));

	if($availcheck)
	{
		// Someone already has this username
		echo $_GET['avail'].'|0';
	}
	else
	{
		// That username is available
		echo $_GET['avail'].'|1';
	}
	
	exit;
}

if(isset($_GET['confirm']))
{
	$confirm_check = mysql_num_rows(mysql_query("SELECT 1 FROM `".$config['db']['pre']."users` WHERE user_id='".validate_input($_GET['user'])."' AND status='0' AND remember='".validate_input($_GET['confirm'])."' LIMIT 1"));
	
	if($confirm_check)
	{
		mysql_query("UPDATE `".$config['db']['pre']."users` SET `status` = '1' WHERE `user_id` = '".validate_input($_GET['user'])."' AND `status` = '0' LIMIT 1 ;");
		
		header("Location: ".$config['site_url']."login.php");
	}
	else
	{
		echo $lang['INVALIDCONFID'];
	}
	
	exit;
}

// Check if they have submitted the signup page
if(isset($_POST['username']))
{
	// Initiate error messages
	$errors = 0;
	$username_error = '';
	$password_error = '';
	$email_error = '';
	$agree_error = '';
	$security_error = '';
		
	$_POST['username'] = strip_tags($_POST['username']);
	
	if(ereg('[^A-Za-z0-9]',$_POST['username']))
	{
		$errors++;
		$username_error = $lang['USERONLYALPHA'];
	}
	elseif( (strlen($_POST['username']) < 4) OR (strlen($_POST['username']) > 16) )
	{
		$errors++;
		$username_error = $lang['USERBETWEEN'];
	}
	else
	{
		$avail = mysql_num_rows(mysql_query("SELECT 1 FROM ".$config['db']['pre']."users WHERE username='".validate_input($_POST['username'])."' LIMIT 1"));
		
		if($avail)
		{
			$errors++;
			$username_error = $lang['USERUNAV'];
		}
	}
	
	if( (strlen($_POST['password']) < 4) OR (strlen($_POST['password']) > 16) )
	{
		$errors++;
		$password_error = $lang['PASSBETWEEN'];
	}
	elseif($_POST['password'] != $_POST['password2'])
	{
		$errors++;
		$password_error = $lang['PASSNOMATCH'];
	}
	
	if(trim($_POST['email']) == '')
	{
		$errors++;
		$email_error = $lang['ENTEREMAIL'];
	}
	elseif(!eregi("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", $_POST['email'])) 
	{
		$errors++;
		$email_error = $lang['INVALIDEMAIL'];
	}
	else
	{
		$avail = mysql_num_rows(mysql_query("SELECT 1 FROM ".$config['db']['pre']."users WHERE email='".validate_input($_POST['email'])."' LIMIT 1"));
		
		if($avail)
		{
			$errors++;
			$email_error = $lang['EMAILUNAVAILABLE'];
		}
	}
	
	// Check they have agreed to the terms
	if(!isset($_POST['agree']))
	{
		$errors++;
		$agree_error = $lang['ACCEPTTERMS'];
	}
	
	if($config['security'])
	{
		$_POST['security_code'] = trim($_POST['security_code']);
		
		if(strtoupper($_POST['security_code']) != strtoupper($_SESSION['seccode']))
		{
			$security_error = $lang['INVALIDSECWORD'];
			$errors++;
		}
	}
	
	if($errors == 0)
	{
		$rem = md5(mt_rand(0,56)*time());
	
		if($config['validation'] == '1')
		{
			mysql_query("INSERT INTO `".$config['db']['pre']."users` ( `user_id` , `username` , `password` , `email` , `remember` , `status` ) VALUES ('', '".validate_input($_POST['username'])."', '".validate_input(md5($_POST['password']))."', '".validate_input($_POST['email'])."', '".validate_input($rem)."', '0');");
		
			$user_id = mysql_insert_id();
			
			// Get site categories
			$cats = get_cats($config,$lang);

			$page = new HtmlTemplate ('templates/' . $config['tpl_name'] . '/email_signup_confirm.html');
			$page->SetParameter ('USER_ID', $user_id);
			$page->SetParameter ('REM', $rem);
			$page->SetParameter ('SITE_URL', $config['site_url']);
			$page->SetParameter ('EMAIL', $_POST['email']);
			$page->SetParameter ('USERNAME', $_POST['username']);
			$page->SetParameter ('SITE_TITLE', $config['site_title']);
			$email_body = $page->CreatePageReturn($lang,$config);
	
			send_email($_POST['email'],$email_body,$config['site_title'].$lang['EMAILCONF'],$config);
			
			// Load signup template
			$page = new HtmlTemplate ("templates/" . $config['tpl_name'] . '/message.html');
			$page->SetParameter ('OVERALL_HEADER', create_header($config,$lang,$cats,$lang['SIGNUP']));
			$page->SetParameter ('OVERALL_FOOTER', create_footer($config,$lang));
			$page->SetLoop ('CATS', $cats);
			$page->SetParameter ('SUBJECT', $lang['SIGNUP']);
			$page->SetParameter ('MESSAGE', $lang['SIGNUPTHANK']);
			$page->SetParameter ('LOGGEDIN', 0);
			$page->SetParameter ('SITE_TITLE',$config['site_title']);
			$page->CreatePageEcho($lang,$config);
			exit;
		}
		else
		{
			mysql_query("INSERT INTO `".$config['db']['pre']."users` ( `user_id` , `username` , `password` , `email` , `remember` , `status` ) VALUES ('', '".validate_input($_POST['username'])."', '".validate_input(md5($_POST['password']))."', '".validate_input($_POST['email'])."', '".validate_input($rem)."', '1');");
		
			$user_id = mysql_insert_id();
		
			$_SESSION['duser']['id'] = $user_id;
			$_SESSION['duser']['name'] = $_POST['username'];
		
			header('Location: index.php');
			exit;
		}
	}
}

// Get site categories
$cats = get_cats($config,$lang);

// Load signup template
$page = new HtmlTemplate ('templates/' . $config['tpl_name'] . '/signup.html');
$page->SetParameter ('OVERALL_HEADER', create_header($config,$lang,$cats,$lang['SIGNUP']));
$page->SetParameter ('OVERALL_FOOTER', create_footer($config,$lang));
$page->SetLoop ('CATS', $cats);
if(isset($_POST['username']))
{
	$page->SetParameter ('USERNAME_FIELD', $_POST['username']);
	$page->SetParameter ('EMAIL_FIELD', $_POST['email']);
	
	$page->SetParameter ('USERNAME_ERROR', $username_error);
	$page->SetParameter ('PASSWORD_ERROR', $password_error);
	$page->SetParameter ('EMAIL_ERROR', $email_error);
	$page->SetParameter ('AGREE_ERROR', $agree_error);
	$page->SetParameter ('SECURITY_ERROR', $security_error);
}
else
{
	$page->SetParameter ('USERNAME_FIELD', '');
	$page->SetParameter ('EMAIL_FIELD', '');

	$page->SetParameter ('USERNAME_ERROR', '');
	$page->SetParameter ('PASSWORD_ERROR', '');
	$page->SetParameter ('EMAIL_ERROR', '');
	$page->SetParameter ('AGREE_ERROR', '');
	$page->SetParameter ('SECURITY_ERROR', '');
}
if(isset($_SESSION['duser']['id']))
{
	$page->SetParameter ('LOGGEDIN', 1);
}
else
{
	$page->SetParameter ('LOGGEDIN', 0);
}
$page->SetParameter ('SECURITY_CODE',$config['security']);
$page->SetParameter ('SITE_TITLE',$config['site_title']);
$page->CreatePageEcho($lang,$config);
?>